|
|
Connection String – R/W Password question
Posted: 29 Nov 07 3:17 PM
|
I’m having one of those days. I *thought* I had read somewhere that you could create a connection string for an outside application (in this case .Net Webservice) that does NOT use or pass a Userid and/or Password, but simply the Read/Write password.
But all my reading this afternoon indicates otherwise…
Aside: I could set up a Service Account in AD, make my webservice run under that service account, create a user account in SLX for the service account and turn on integrated security for that user, and modify the connection string to include ‘Integrated Security=True’ but that doesn’t quite achieve my goal…
My problem is this; I have a backend process webservice that integrates opportunity data with other systems. We recently started using SLX built-in security for several accounts. The account used in my connection string in not on the security teams, thus the webservice fails when I has to send that data because the user doesn’t have access. I can add the user to the security teams, but then have to explain to management (and auditors) who this non-user is and why that’s not a security risk (which it is).
Any ideas?
|
|
|
|
Re: Connection String – R/W Password question
Posted: 29 Nov 07 3:59 PM
|
You *always* have to supply a user/password (as you've discovered). No way around that.
What you'll want to do is log in as the admin user, but then impersonate the specific user so that this user's security is used for your queries. Does that make sense?
Basically, you'll append "impersonate=myusername" to the connection string and make the connection (again, using the admin's credentials in the connection string). This way, you only need to know the admin's credentials, but can still impersonate to get the security for the right user.
Is that what you're after, or did I misunderstand? |
|
|
|
Re: Connection String – R/W Password question
Posted: 03 Dec 07 8:00 AM
|
I knew about the impersonate, but I hadn't applied it in this situation - that makes perfect sense.
What still gives me the willies is storing/passing the Admin password in my web.config. I'm not a fan of that idea...
Can I impersonate from another ID (non-Admin?)
|
|
|
|
Re: Connection String – R/W Password question
Posted: 03 Dec 07 8:31 AM
|
Originally posted by Shawn O'Ferrall
Can I impersonate from another ID (non-Admin?) |
|
Nope. You could always store the login values in your web.config encrypted (or elsewhere, such as a database that you could connect to with a trusted connection and then retrieve the login values). |
|
|
| |
|